Podcasts about Siem

Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense - RSM's Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways.Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.Chapter Timestamps00:00 - Introduction and Industry Trends01:00 - AI and Technology Disruption Discussion02:00 - Upcoming Conference Schedule and Discount Codes04:00 - Podcast Milestone - Approaching One Million Downloads06:30 - Introducing Dan Lauritzen and RSM Defense Team09:00 - Dan's Background - From Military to Cybersecurity12:00 - What is Attack Surface Management?14:00 - Treating Identities as Assets16:00 - The Cyber Kill Chain Explained18:00 - Why Identity and SOC Teams Operate in Silos21:00 - The Role of Data in Modern Security Operations23:00 - Continuous Identity Management and Shared Signals Framework26:00 - Can You Have Too Much Data?29:00 - Breaking Down Silos Between Identity and SOC Teams32:00 - Practical Collaboration Strategies34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape41:00 - Pragmatic Security Strategies and Metrics44:00 - Biggest Misconceptions About Attack Surface Management45:00 - Military Background - Human Intelligence Collection48:00 - Communication Tips for Better Information Gathering51:00 - Closing and Contact InformationConnect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chainLearn more about RSM:RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.htmlRSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.htmlConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy

Black Hat 2025: Crogl's CEO Monzy Merza Explains How AI Can Help Eliminate Alert Fatigue in CybersecurityCrogl CEO Monzy Merza discusses how AI-driven security platforms automate alert investigation using enterprise knowledge graphs, enabling analysts to focus on threat hunting while maintaining data privacy.Security teams drowning in alerts finally have a lifeline that doesn't compromise their data sovereignty. At Black Hat USA 2025, Crogl CEO Monzy Merza revealed how his company is tackling one of cybersecurity's most persistent challenges: the overwhelming volume of security alerts that leaves analysts either ignoring potential threats or burning out from investigation fatigue.The problem runs deeper than most organizations realize. Merza observed analysts routinely closing hundreds of alerts with a single click, not from laziness or malice, but from sheer necessity. "When you look at the history of breaches, the signal of the breach was there. And somebody ignored it," he explained during his ITSPmagazine interview, highlighting a critical gap between alert generation and meaningful investigation.Traditional approaches have failed because they expect human analysts to become "unicorns" - experts capable of mastering multiple data platforms simultaneously while remembering complex query languages and schemas. This unrealistic expectation has created what Merza calls the "human unicorn challenge," where organizations struggle to find personnel who can effectively navigate their increasingly complex security infrastructure.Crogl's solution fundamentally reimagines the relationship between human intuition and machine automation. Rather than forcing analysts to adapt to multiple tools, the platform creates a semantic knowledge graph that maps data relationships across an organization's entire security ecosystem. When alerts arrive, the system automatically conducts investigations using established kill chain methodologies, freeing analysts to focus on higher-value activities like threat hunting and strategic security initiatives.The privacy-first architecture addresses growing concerns about data sovereignty. Operating as a completely self-contained system with no internet dependencies, Crogl can run air-gapped in the most sensitive environments, including defense intelligence communities. The platform connects to existing tools through APIs without requiring data movement, duplication, or transformation.Real-world results demonstrate the platform's versatility. One customer discovered their analysts were using Crogl for fraud detection - an application never intended by the original design. The system's ability to process natural language descriptions and convert them into executable security processes has reduced response times from weeks to minutes for complex threat hunting operations.For security leaders evaluating AI integration, Merza advocates an experimental approach. Rather than attempting comprehensive transformation, he suggests starting with focused pilot programs that address specific pain points. This measured strategy allows organizations to validate AI's value while maintaining operational stability.The broader implications extend beyond security operations. By removing technical barriers and emphasizing domain expertise over tool competency, platforms like Crogl enable security teams to become strategic business enablers rather than reactive alert processors. Organizations gain the flexibility to maintain their preferred data architectures while ensuring comprehensive security coverage across distributed environments.As cyber threats continue evolving, the industry's response must prioritize both technological capability and human potential. Solutions that enhance analyst intuition while automating routine tasks represent a sustainable path forward for security operations at scale. Watch the full interview: https://youtu.be/0GqPtPXD2ik Learn more about CROGL: https://itspm.ag/crogl-103909Note: This story contains promotional content. Learn more.Guest: Monzy Merza, Founder and CEO of CROGL | On Linkedin: https://www.linkedin.com/in/monzymerza/ResourcesLearn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/croglAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Stellar Cyber Revolutionizes SOC Cybersecurity Operations with Human-Augmented Autonomous Platform at Black Hat 2025 A Stellar Cyber Event Coverage of Black Hat USA 2025 Las VegasAn ITSPmagazine Brand Story with Subo Guha, Senior Vice President Product, Stellar Cyber____________________________Security operations centers face an unprecedented challenge: thousands of daily alerts overwhelming analyst teams while sophisticated threats demand immediate response. At Black Hat USA 2025 in Las Vegas, Stellar Cyber presented a revolutionary approach that fundamentally reimagines how SOCs operate in the age of AI-driven threats.Speaking with ITSPmagazine's Sean Martin, Subo Guha, Senior Vice President of Products at Stellar Cyber, outlined the company's vision for transforming security operations through their human-augmented autonomous SOC platform. Unlike traditional approaches that simply pile on more automation, Stellar Cyber recognizes that effective security requires intelligent collaboration between AI and human expertise.The platform's three-layer architecture ingests data from any source – network devices, applications, identities, and endpoints – while maintaining vendor neutrality through open EDR integration. Organizations can seamlessly work with CrowdStrike, SentinelOne, Sophos, or other preferred solutions without vendor lock-in. This flexibility proves crucial for enterprises navigating complex security ecosystems where different departments may have invested in various endpoint protection solutions.What sets Stellar Cyber apart is their autonomous SOC concept, which dramatically reduces alert volume from hundreds of thousands to manageable numbers within days rather than weeks. The platform's AI-driven auto-triage capability identifies true positives among thousands of false alarms, presenting analysts with prioritized "verdicts" that demand attention. This transformation addresses one of security operations' most persistent challenges: alert fatigue that leads to missed threats and burned-out analysts.The revolutionary AI Investigator copilot enables natural language interaction, allowing analysts to query the system conversationally. An analyst can simply ask, "Show me all impossible travel incidents between midnight and 4 AM," and receive actionable intelligence immediately. This democratization of security operations means junior analysts can perform at senior levels without extensive coding knowledge or years of experience navigating complex query languages.Identity threat detection and response (ITDR) emerged as another critical focus area during the Black Hat presentation. With identity becoming the new perimeter, Stellar Cyber integrated sophisticated user and entity behavior analytics (UEBA) directly into the platform. The system detects impossible travel scenarios, credential attacks, and lateral movement patterns that indicate compromise. For instance, when a user logs in from Portland at 11 PM and then appears in Moscow 30 minutes later, the platform immediately flags this physical impossibility.The identity protection extends beyond human users to encompass non-human identities, addressing the growing threat of automated attacks powered by large language models. Hackers now leverage generative AI to create credential attacks at unprecedented scale and sophistication, making robust identity security more critical than ever.Guha emphasized that AI augmentation doesn't displace security professionals but elevates them. By automating mundane tasks, analysts focus on strategic decision-making and complex threat hunting. MSSPs report dramatic efficiency gains, scaling operations without proportionally increasing headcount. Where previously a hundred thousand alerts might take weeks to process, requiring extensive junior analyst teams, the platform now delivers actionable insights within days with smaller, more focused teams.The platform's unified approach eliminates tool sprawl, providing CISOs with real-time visualization of their security posture. Executive reporting becomes instantaneous, with high-priority verdicts clearly displayed for rapid decision-making. This visualization capability transforms how security teams communicate with leadership, replacing lengthy reports with dynamic dashboards that convey risk and response status at a glance.Real-world deployments demonstrate significant operational improvements. Organizations report faster mean time to detection and response, reduced false positive rates, and improved analyst satisfaction. The platform's learning capabilities mean it becomes more intelligent over time, adapting to each organization's unique threat landscape and operational patterns.As organizations face increasingly sophisticated threats powered by generative AI, Stellar Cyber's human-augmented approach represents a paradigm shift. By combining AI intelligence with human intuition, the platform delivers faster threat detection, reduced false positives, and empowered security teams ready for tomorrow's challenges. The company's commitment to continuous innovation, evidenced by rapid feature releases between RSA and Black Hat, positions them at the forefront of next-generation security operations. Learn more about Stellar Cyber: https://itspm.ag/stellar-cyber--inc--357947Note: This story contains promotional content. Learn more.Guest: Subo Guha, Senior Vice President Product, Stellar Cyber | https://www.linkedin.com/in/suboguha/ResourcesLearn more and catch more stories from Stellar Cyber: https://www.itspmagazine.com/directory/stellarcyberLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Ed Bailey, Field CISO at Cribl, shares how Cribl and AWS are helping customers rethink their data strategy by making it easier to modernize, reduce complexity, and unlock long-term flexibility.Topics Include:Ed Bailey introduces topic: bridging gap between security data requirements and budgetCompanies face mismatch: 10TB data needs vs 5TB licensing budget constraintsData volumes growing exponentially while budgets remain relatively flat year-over-yearIT security data differs from BI: enormous volume, variety, complexityMany companies discover 600+ data sources during SIEM migration projects50% of SIEM data remains un-accessed within 90 days of ingestionComplex data collection architectures break frequently and require excessive maintenanceTeams spend 80% time collecting data, only 20% analyzing for valueData collection and storage are costs; analytics and insights provide business valuePoor data quality creates operational chaos requiring dozens of browser tabsSOC analysts struggle with context switching across multiple disconnected systemsTraditional vendor approach: "give us all data, we'll solve problems" is outdatedData modernization requires sharing information widely across organizational business unitsData maturity model progression: patchwork → efficiency → optimization → innovationData tiering strategy: route expensive SIEM data vs cheaper data lake storageSIEM costs ~$1/GB while data lakes cost ~$0.15-0.20/GB for storageCompliance retention data should go to object storage at penny fractionsDecouple data retention from vendor tools to enable migration flexibilityCribl platform offers integrated solutions: Stream, Search, Lake, Edge componentsCustomer success: Siemens reduced 5TB to 500GB while maintaining security effectivenessParticipants:Edward Bailey – Field CISO, CriblFurther Links:Cribl WebsiteCribl on AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Guest: Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group Topics: SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on a relatively short side of 9 months. What's been your experience so far with that and what could have gone faster?  Anton might be a “reformed” analyst but I can't resist asking a three legged stool question: of the people/process/technology aspects, which are the hardest for this transformation? What helped the most in solving your big challenges?  Was there a process that people wanted to keep but it needed to go for the new tool? One thing we talked about was the plan to adopt composite alerting techniques and what we've been calling the “funnel model” for detection in Google SecOps. Could you share what that means and how your team is adopting?  There are a lot of moving parts in a D&R journey from a process and tooling perspective, how did you structure your plan and why? It wouldn't be our show in 2025 if I didn't ask at least one AI question!  What lessons do you have for other security leaders preparing their teams for the AI in SOC transition?  Resources: EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP184 One Week SIEM Migration: Fact or Fiction? EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 “Maverick” — Scorched Earth SIEM Migration FTW! blog “Hack the box” site

Centralize, retain, and query high-volume, long-term security data across Microsoft and third-party sources for up to 12 years using Microsoft Sentinel's new unified data lake. Correlate signals, run advanced analytics, and perform forensic investigations from a single copy of data—without costly migrations or data silos. Detect persistent, low-and-slow attacks with greater visibility, automate responses using scheduled jobs, and generate predictive insights by combining Copilot, KQL, and machine learning. Vandana Mahtani, Microsoft Sentinel Principal Product Manager shows how to uncover long-running threats, streamline investigations, and automate defenses—all within a unified, AI-powered SIEM experience. ► QUICK LINKS:  00:00 - Microsoft Sentinel Data Lake 01:49 - Data Management 02:46 - Table Management 03:36 - Data Lake exploration 04:17 - Advanced Hunting 05:23 - Query retention data 06:16 - Automate threat detection 07:18 - Move from reactive to predictive 08:50 - Wrap up ► Link References Check out https://aka.ms/SentinelDataLake ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Paradyn, one of Ireland's leading managed service and cybersecurity providers, has announced projected revenues of over €1.6 million in 2025 from its strategic partnership with ManageEngine, a global provider of enterprise IT management solutions. This marks a significant 100% increase from the €800,000 recorded in 2024. With a focus on the public sector, Paradyn forecasts continued momentum, anticipating 40% year-on-year growth in revenues from ManageEngine offerings Paradyn has successfully delivered ManageEngine solutions to more than 50,000 users across 40 public sector organisations and government agencies in Ireland, including the ESB, Teagasc, National Concert Hall, Dun Laoghaire County Council, Cork County Council, and Kildare County Council. The partnership has also enabled Paradyn to expand its public sector client base by 20%, underscoring the demand for robust, scalable IT management tools within government institutions. ManageEngine, the IT management division of Zoho Corporation, provides a broad suite of more than 60 enterprise-grade tools that address the end-to-end IT operations lifecycle - covering network and server monitoring, endpoint management, IT service management (ITSM), identity and access management, and security information and event management (SIEM). These tools empower public sector bodies to increase automation, improve visibility across their IT environments, reduce operational costs, and bolster their cybersecurity posture - all while ensuring that services to citizens are delivered reliably and securely. Paradyn's in-depth knowledge of public sector IT requirements, combined with its cybersecurity consulting and professional services, ensures that ManageEngine implementations are aligned with Ireland's evolving regulatory landscape, including the EU's NIS2 directive. Together, the two organisations offer a comprehensive and scalable solution for managing IT infrastructure securely and efficiently. Grace McCauley, Head of Sales - Managed Services, Paradyn, said: "Our partnership with ManageEngine allows us to deliver best-in-class IT management and cybersecurity solutions tailored to the public sector. As public services continue to digitalise, the need for reliable, secure, and cost-effective infrastructure becomes paramount. We're proud to be supporting the government in delivering modern, resilient digital services to citizens." ManageEngine's proven technology and Paradyn's hands-on approach help public sector agencies future-proof their IT environments, safeguard sensitive citizen data, and achieve operational excellence in an increasingly complex threat landscape. See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news If you'd like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss. Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience. You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.

In this episode of the Blue Dragon podcast, I interview Purav Desai, a dual Microsoft MVP recognized for his contributions in the fields of SIEM, XDR, and Microsoft Purview compliance.We discuss Purav's journey to becoming an MVP, his role as an incident responder, and the strategic importance of Microsoft Purview in governance and compliance.The conversation also covers the significance of eDiscovery in legal preparedness, common misconceptions about Microsoft security, and the implementation of data classification policies.Purav shares insights on how organizations can start their journey in Microsoft security and the evolution of data protection in collaborative tools like Teams.In this conversation, Purav discusses the balance between automation and human oversight in cybersecurity, emphasizing the importance of understanding processes before automating them.He shares a real-world incident response case that highlights the need for authority and trust in managing security incidents.The discussion also covers the emerging threat of insider risks, particularly in light of layoffs, and how organizations can leverage Microsoft tools to mitigate these risks.Finally, Purav reflects on the choice between adopting a single ecosystem versus a best-of-breed approach in security solutions, and shares his future aspirations in the cybersecurity field.LINKS➰ BlueDragon: bluedragonpodcast.com➰ Purav Desai's LinkedIn: https://www.linkedin.com/in/purav-da346393/➰ Purav Desai's Github: https://github.com/PuravsPoint➰ Purav Desai's DecipheringUAL series: https://github.com/PuravsPoint/DecipheringUALCHAPTERS(00:00:00) INTRO (00:00:30) Introduction to Purav Desai and His Achievements (00:03:49) Journey to Becoming a Dual Microsoft MVP (00:06:25) Role of an M365/Azure Incident Responder (00:09:04) Understanding Microsoft Purview Compliance and Governance (00:12:32) eDiscovery and Legal Preparedness (00:15:24) Common Misconceptions About Microsoft Purview (00:17:54) Implementing Data Classification Policies (00:22:54) The Evolution of Data Protection in Teams (00:26:32) Starting with Microsoft Security for Mid-Sized Organizations (00:30:04) Mature Endpoint Detection and Response Strategies (00:32:28) Balancing Automation and Human Oversight (00:38:09) Real-World Incident Response Lessons (00:46:10) Navigating European Regulations and Insider Threats (00:51:55) Ecosystem Choices: Best of Breed vs. All-in-One (00:55:51) Future Aspirations and Community Contributions (00:59:36) OUTRO

Guest: Svetla Yankova, Founder and CEO, Citreno Topics: Why do so many organizations still collect logs yet don't detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries?  What are the hardest parts about getting the right context into a SOC analyst's face when they're triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above? What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they're buying? Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015? Do you expect people to write their own detections? Detecting engineering seems popular with elite clients and nobody else, what can we do? Do you think AI will change how we SOC (Tim: “SOC” is not a verb?) in the next 1- 3 -5 years?  Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes?  Resources: EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog Citreno, The Backstory “Parenting Teens With Love And Logic” book (as a management book) “Security Correlation Then and Now: A Sad Truth About SIEM” blog (the classic from 2019)

In this expert-led session, we take you inside the world of the Security Operations Center (SOC) — the command center of modern cybersecurity. Learn how SOCs monitor, detect, and respond to threats in real time using tools like SIEM, threat intelligence, and automated response systems. We cover essential SOC functions including incident response, proactive threat hunting, and compliance alignment, while also diving into core roles such as SOC Analysts, Threat Hunters, and Incident Responders. You'll gain practical insights into SOC maturity models, workflow optimization, and how to use leading tools like Splunk, ELK, and QRadar.Perfect for aspiring SOC professionals or teams aiming to enhance their detection and response capabilities.

In this session, we explore Domain 6 of the CISSP certification — Security Assessment & Testing — one of the most critical areas for identifying vulnerabilities, validating controls, and ensuring compliance. You'll dive deep into testing methodologies such as penetration testing, vulnerability scanning, risk assessments, and continuous monitoring. We also cover static and dynamic analysis, log review processes, and how to implement SIEM, IDS/IPS, and automation frameworks to strengthen system defenses.Whether you're studying for CISSP or sharpening your security testing skills, this episode provides real-world insights, exam tips, and a solid foundation for mastering Domain 6 — all mapped to frameworks like NIST, ISO 27001, and PCI DSS.

München ist weder die Hauptstadt noch die größte Metropole Deutschlands – und trotzdem mit Abstand der teuerste Immobilienstandort. Marc und Sebastian von LEHMANN HUEBER Immobilien diskutieren mehrere Faktoren, die die Immobilienpreise in unserer bayerischen Landeshauptstadt soweit über das Niveau der anderen Top-7- Städte heben. Zudem vergleichen Sie München mit Frankfurt, Hamburg und Berlin und erklären die strukturellen Unterschiede. [Werbung]

Alan Braithwaite is Co-Founder & CTO of RunReveal, the security data platform with real-time monitoring, built-in detections, and AI-powered investigations. Today, they manage and analyze security logs for teams at Harvey, ClickHouse, Cloudflare, and Temporal. RunReveal has multiple open source projects including event stream processing library kawa and query language pql. RunReveal has raised from investors including Costanoa, Modern Technical Fund, and Runtime Ventures. In this episode, we dig into:Why today's modern security teams are rethinking data management The benefits of building RunReveal on ClickHouse How they worked with early believers / customers like TemporalTheir open source strategy and building trust with the community through open sourcing components like their event processing libraryTheir MCP server and enabling security teams to use AI to automate investigations (including the launch of their new remote MCP server)

In this session, we explore how Artificial Intelligence is revolutionizing cybersecurity, making digital defenses more intelligent, automated, and proactive. From detecting threats in real time to automating incident response, AI is transforming how organizations protect against modern cyberattacks. You'll learn how machine learning, behavior-based analytics, and AI-enhanced SIEM and EDR tools are helping security teams predict, detect, and respond to threats faster than ever before. We also cover how AI is reshaping SOC operations and why it's key to building resilient cyber defenses in an increasingly complex threat landscape.

In this session, we break down the core principles of proactive threat hunting — a critical skill for identifying and stopping cyber threats before they cause damage. Learn how security teams use behavioral analysis, threat intelligence, and tools like SIEM and EDR to detect hidden threats and reduce dwell time. We cover the techniques and mindset required to hunt down threats lurking within systems, and show how a proactive approach dramatically improves an organization's ability to prevent breaches and respond effectively.You'll also get a glimpse into advanced threat hunting and DFIR training, including hands-on learning designed to prepare you for real-world challenges in cybersecurity.

Ekco, one of Europe's leading security-first managed service providers, has announced that it has acquired Adapt IT, a Cork-headquartered IT managed service provider (MSP). The new deal, which is Ekco's sixth acquisition in two years, brings Ekco's total acquisition investment to €57 million within this timeframe. In business for more than 20 years, Adapt IT employs 37 people at its Cork location, serving customers in the small-and-medium-sized enterprises (SME) market. Its 300-strong customer base operates in industries such as manufacturing, retail, hospitality, legal, and finance. The deal bolsters Ekco's ability to support fast-growing SMEs with unified, secure, and scalable technology solutions. The acquisition of Adapt IT brings Ekco's global headcount to more than 1,000 employees and adds a seventh Irish location to its growing regional network. In addition to its three sites in Dublin, Ekco now operates in Cork, Waterford, and Laois, as well as across the UK, Netherlands, South Africa, and Malaysia. Adapt IT's expertise in Microsoft solutions will strengthen Ekco's modern working service offering for its customers, and its MSP focus will further build upon Ekco's existing managed service capabilities. Adapt IT's customer base will now benefit from Ekco's suite of advanced cloud services, automation expertise, and cybersecurity capabilities in areas including security information and event management (SIEM), security operations centres (SOC), and backup. As the cybersecurity regulatory landscape continues to evolve, Ekco will also provide peace of mind through its compliance services. Additionally, Adapt IT's teams will be able to avail of comprehensive upskilling, certification, and continuous learning opportunities to keep pace with industry demand. The deal is the latest in Ekco's wider acquisition strategy for growth and brings the total number of businesses acquired by Ekco in the last two years to six. Earlier this year, the company announced the purchase of Predatech, a UK-based cybersecurity consultancy. In 2024, it added UK legal IT specialist CTS to its portfolio of companies. 2023 saw the additions of MSPs Radius and Bluecube, as well as cloud migration and cybersecurity specialist iSystems. Cian Prendergast, CEO at Ekco MSP, said: "The acquisition of Adapt IT is the latest move in our aggressive expansion strategy which targets key acquisitions combined with sustained business growth. This strategy reflects an investment in innovation that will make us in Ekco, and our acquired companies, stronger as a result. We're building a modern, security-first MSP that helps ambitious businesses to operate with confidence and resilience. "Adapt IT, like us, is a cloud-first business that reflects our culture and has had tremendous success in building a nationwide customer base. By bringing our two companies together, we will enhance our regional footprint in a location where we see vast opportunities for our expansion, while also combining our knowledge and services to pioneer the demands of the modern enterprise. It strengthens our position as the go-to IT partner for businesses who want the reliability of a national partner with the responsiveness of a local team." John Levis, Managing Director, Adapt IT, said: "We are delighted to join the Ekco group, an Irish-founded business which is on an impressive growth trajectory. This will enable us to continue to deliver top-tier services to businesses, backed up by the skills and resources of a larger group. We are seeing that even smaller businesses are seeking enterprise-grade IT and cybersecurity solutions - Ekco's expertise will help us to meet this growing demand as the volume and complexity of cyber threats continues to rise." See more stories here.

Guest: David French, Staff Adoption Engineer, Google Cloud Topic: Detection as code is one of those meme phrases I hear a lot, but I'm not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it? What gets better for security teams and security outcomes when you start managing in a DAC world? What is primary, actual code or using SWE-style process for detection work? Not every SIEM has a good set of APIs for this, right? What's a team to do in a world of no or low API support for this model?  If we're talking about as-code models, one of the important parts of regular software development is testing. How should teams think about testing their detection corpus? Where do we even start? Smoke tests? Unit tests?  You talk about a rule schema–you might also think of it in code terms as a standard interface on the detection objects–how should organizations think about standardizing this, and why should they? If we're into a world of detection rules as code and detections as code, can we also think about alert handling via code? This is like SOAR but with more of a software engineering approach, right?  One more thing that stood out to me in your presentation was the call for sharing detection content. Is this between vendors, vendors and end users?  Resources: Can We Have “Detection as Code”? Testing in Detection Engineering (Part 8) “So Good They Can't Ignore You: Why Skills Trump Passion in the Quest for Work You Love” book EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther Getting Started with Detection-as-Code and Google SecOps Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise From soup to nuts: Building a Detection-as-Code pipeline David French - Medium Blog Detection Engineering Maturity Matrix  

Website: https://worldharvestusa.com/Connect with World Harvest ChurchWebsite: https://worldharvestusa.com/contact Facebook: / WorldHarvestUSA.RL Instagram: / worldharvestus Additional Resources from World Harvest Church https://worldharvestclasses.vhx.tv/productsUpcoming Events: https://worldharvestusa.com/events

Cribl's Field CISO Ed Bailey discusses how customers can manage the quality and quantity of data by providing intelligent controls between data sources and destinations.Topics Include:Cribl company name originCompany helps organizations screen data to find valuable insightsEd Bailey was Cribl's first customer back in 2018Data growth of 25% yearly created seven-figure cost increasesCEOs and CIOs complained about explosive data storage costsUsers demanded more data while budgets remained constrainedBailey discovered Cribl through a random Facebook advertisementCribl Stream sits between data sources and destinationsNo new agents required, uses existing infrastructure connectionsReduced data growth from 28% to 8% within yearDevelopment cycles shortened from six weeks to two weeksBailey managed global security and telemetry data systemsOperated large Splunk instance across forty different countriesTeam spent time collecting data instead of extracting valueCribl provided consistent data control plane for operationsSmart engineers could focus on machine learning solutionsMigrated from terrible SIEM to better security platformData strategy should focus on business requirements firstNot all data has the same business valueTier one: Critical data goes to expensive platformsTier two: Important data stored in cheaper lakesTier three: Compliance data in low-cost object storageSIEM costs around one dollar per gigabyte storedData lakes cost twelve to eighteen cents per gigabyteObject storage costs fractions of pennies per gigabyteAWS partnership provides scalable infrastructure for rapid growthEC2, EKS, and S3 are heavily utilized servicesCribl Search finds data directly in object storageAvoids costly data movement for search and analysisParticipants:Edward Bailey – Field CISO, CriblSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Segment 1 - Interview with Rob Allen from Threatlocker Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI native,unified Data Security Platform. Yotam Segev, Cyera's CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: Cyera Breaks World Record as the Fastest-Growing Data Security Company in History Data Security Leader Cyera Secures $300M in Series D Funding Cyera Acquires Trail Security for $162M Cyera Launches Data Incident Response Service Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Blumira Partners Blumira Launches New M365 Threat Response Feature Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-411

Segment 1 - Interview with Rob Allen from Threatlocker Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI native,unified Data Security Platform. Yotam Segev, Cyera's CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: Cyera Breaks World Record as the Fastest-Growing Data Security Company in History Data Security Leader Cyera Secures $300M in Series D Funding Cyera Acquires Trail Security for $162M Cyera Launches Data Incident Response Service Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Blumira Partners Blumira Launches New M365 Threat Response Feature Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-411

Segment 1 - Interview with Rob Allen from ThreatLocker This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI native,unified Data Security Platform. Yotam Segev, Cyera's CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: Cyera Breaks World Record as the Fastest-Growing Data Security Company in History Data Security Leader Cyera Secures $300M in Series D Funding Cyera Acquires Trail Security for $162M Cyera Launches Data Incident Response Service Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Blumira Partners Blumira Launches New M365 Threat Response Feature Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today. Show Notes: https://securityweekly.com/esw-411

Segment 1 - Interview with Rob Allen from Threatlocker Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI native,unified Data Security Platform. Yotam Segev, Cyera's CEO sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution. Recent Cyera News: Cyera Breaks World Record as the Fastest-Growing Data Security Company in History Data Security Leader Cyera Secures $300M in Series D Funding Cyera Acquires Trail Security for $162M Cyera Launches Data Incident Response Service Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them! Blumira In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that. Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run. Blumira Partners Blumira Launches New M365 Threat Response Feature Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today. Show Notes: https://securityweekly.com/esw-411

Send us a textDive deep into the critical world of security logging and monitoring as we explore Domain 7.2 of the CISSP certification. This episode unpacks the strategic considerations behind effective logging practices that balance comprehensive visibility with practical resource management.We begin with a thought-provoking look at Anthropic's new AI chatbot designed specifically for classified government environments. Could this be the beginning of something like Skynet? While AI offers tremendous capabilities for processing classified data, these developments raise important questions about reliability, oversight, and unintended consequences.The heart of this episode focuses on building a robust logging and monitoring strategy. We examine the various types of logs you should consider—security logs, system logs, application logs, network logs, and database logs—while emphasizing the importance of starting small and focusing on critical systems. You'll learn why centralized logging through SIEM platforms has become the industry standard, and how to approach log retention policies that balance regulatory requirements with storage costs.Active monitoring, passive monitoring, and the correlation of events each serve distinct security purposes. We explore how techniques like log sampling and clipping levels can help manage the overwhelming volume of data modern networks generate, while highlighting the risks of missing critical security events if these techniques aren't properly implemented.Special attention is given to egress monitoring—watching what leaves your network—as a crucial but often overlooked security practice. Since attackers ultimately need to extract data from compromised systems, monitoring outbound traffic can catch breaches even when the initial compromise was missed.The episode rounds out with discussions on emerging technologies transforming the security monitoring landscape: SOAR tools that automate security operations, the integration of AI and machine learning for threat detection, and the strategic use of threat intelligence to understand attacker methodologies through frameworks like the cyber kill chain.Whether you're preparing for the CISSP exam or working to strengthen your organization's security monitoring capabilities, this episode provides both the conceptual understanding and practical considerations you need. Connect with us at CISSP Cyber Training for more resources to support your certification journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textOptimizing SIEM Storage Costs: Effective Logging StrategiesIs storage really as cheap as people think? This episode delves into the true cost of storage in the context of Security Information and Event Management (SIEM) systems. We explore traditional logging practices and their impact on storage, especially with the rise of cloud computing and hybrid environments. The key focus is on identifying critical applications and underlying architectures to optimize logging processes, thus controlling operational costs without compromising security. Learn about the importance of strategic log triage and maintaining an efficient security posture in a complex IT landscape.00:00 Introduction: Is Storage Really Cheap?00:20 Understanding SIEM and Log Management01:08 Strategies for Managing Operational Costs01:46 Critical vs. Less Critical Systems02:30 The Importance of a Triage Process03:06 Conclusion: Balancing Cost and Security

This is a free preview of a paid episode. To hear more, visit smokeempodcast.substack.comBrooke Siem is the author of the 2022 memoir, May Cause Side Effects, about the decade and a half she spent on anti-depressants (prescribed after her father died when she was 15) and what happened when she ditched them. Sarah is currently on anti-depressants, though she wonders whether she needs them. Nancy is not on SSRIs, though she was part of a gentle brigade who nudged Sarah to increase her dosage last year. This is a complicated knot! The ladies talk about over-medication, how cultural taboos migrate, and the problem with treating sadness, anger, frustration — very human emotions — with a pill. Also discussed:* Nancy suddenly cares about the Navy; Sarah questions this* That time Brooke wore a foxy denim jumper* “Chemical imbalance” is a hoodwink* The “Come Out of the Dark Campaign” meant to eradicate depression stigma leads to an explosion of SSRI prescriptions* SSRIs and orgasm* The opiate epidemic tracks with the anti-depressant era * “Chemical castration” didn't start with puberty blockers …* 70s-80s Ritalin vogue* Related: Does Ritalin suppress male growth?* Hold up: a link between transitioning genders and SSRIs?* Drinking and depression, a tangled saga* “Headaches are caused by an Advil deficiency”* Beware Wellbutrin* Gothic SSRI withdrawal* “I never boned a cabbie … that I'm aware of.”* That time Sarah went hypomanic …* 1 in 4 American women are on anti-depressants* The hormones and menopause of it all* “Fuck you, person at Whole Foods!”* Big Pharma / Big Food = same playbook, different expression* “Do you bake with yeast?”* WTF with Pol Pot?Plus, boozy cupcakes, a coyote sighting, was Tom Cruise right about pharmaceuticals — and much more!This one's a banger! Listen to the whole shebang when you become a paid subscriber.

Nach der zweiten Gesprächsrunde der ukrainischen und der russischen Delegation in Istanbul liegen nun die Forderungen beider Seiten auf dem Tisch. Es ist gut, dass man nun endlich wieder miteinander spricht. Hoffnungen auf einen baldigen Waffenstillstand oder gar Frieden sind jedoch nicht angebracht, liegen die Positionen beider Seiten doch meilenweit auseinander. Dabei scheinen gar nichtWeiterlesen

Guest Alan Braithwaite, Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite directions, which side do you think will win? In a world where data volumes are exploding, especially in cloud environments, you're building a SIEM with ClickHouse as its backend, focusing on both parsed and raw logs. What's the core advantage of this approach, and how does it address the limitations of traditional SIEMs in handling scale?  Cribl, Bindplane and “security pipeline vendors” are all the rage. Won't it be logical to just include this into a modern SIEM? You're envisioning a 'Pipeline QL' that compiles to SQL, enabling 'detection in SQL.' This sounds like a significant shift, and perhaps not to the better? (Anton is horrified, for once) How does this approach affect detection engineering? With Sigma HQ support out-of-the-box, and the ability to convert SPL to Sigma, you're clearly aiming for interoperability. How crucial is this approach in your vision, and how do you see it benefiting the security community? What is SIEM in 2025 and beyond?  What's the endgame for security telemetry data? Is this truly SIEM 3.0, 4.0 or whatever-oh? Resources: EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures “20 Years of SIEM: Celebrating My Dubious Anniversary” blog “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog tl;dr security newsletter Introducing a RunReveal Model Context Protocol Server! MCP: Building Your SecOps AI Ecosystem AI Runbooks for Google SecOps: Security Operations with Model Context Protocol  

You're a founder with a great cybersecurity product—but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn't. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong—and right—about marketing.In this episode, we talk about:Cyber marketing is hard (but you knew that already). It requires deep product knowledge, empathy for stressed buyers, and clear, no-FUD messaging.Building authentic, value-driven communities leads to stronger cybersecurity marketing impact.Don't copy the marketing strategies of big enterprises. Instead, focus on clarity, founder stories, and product-market fit.Founder-led marketing works. Early-stage founders can break through noise by sharing personal stories.Think twice before listening to the advice of “influencer” marketers. This advice is often overly generic. Or, you're following advice of marketers marketing to marketers (try saying that ten times fast). In other words, their advice is probably not going to apply to cybersecurity.Gianna Whitver is the co-founder and CEO of the Cybersecurity Marketing Society, a community for marketers in cybersecurity to connect and share insights. She is also the podcast co-host of Breaking Through in Cybersecurity Marketing podcast, and founder of LeaseHoney, a place for beekeepers to find land.

If you like what you hear, please subscribe, leave us a review and tell a friend!

Podcast: OT Security Made SimpleEpisode: How to build a SIEM SOC in OT? | OT Security Made SimplePub date: 2025-05-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationZeek Muratovic, Director of Security Operations at Landis+Gyr talks about the first steps to build a SIEM SOC in OT environments. Being a pragmatist, he proposes a step-by-step approach that prevents OT operators from overkilling their budget AND workload.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

15 mei 2011. Na zeven lange jaren zonder titel staat Ajax op het punt om weer kampioen van Nederland te worden. De tegenstander? FC Twente. De regerend kampioen. De directe concurrent. Een week eerder nog de bekerfinale van datzelfde FC Twente verloren. Alles of niets.De Arena ademt spanning. Jong en oud, gespannen gezichten, klamme handen. Een sfeer als nooit tevoren in de Aran. Ajax moet winnen om boven Twente te eindigen. En in dat alles staat daar ineens een 23-jarige verdediger met rugnummer 3: Gregory van der Wiel.Vanaf het eerste fluitsignaal laat Ajax zien: dit is hún dag. Gedragen door de fans, voortgestuwd door emotie. En dan — Siem de Jong. Minuut 23. 1-0. De ban is gebroken.Twente spartelt, maar Ajax is meedogenloos. In de tweede helft: Landzaat kopt hem zijn eigen kruising in. 2-0. De Arena davert.Twente komt nog terug tot 2-1, maar het is te laat. Ajax houdt stand. En Siem de Jong verzilverd zijn heldenstatus. 3-1. De beslissinge. Het eindsignaal klinkt. Chaos. Opluchting. Tranen.Het is niet zomaar een titel. Het is de eerste onder Frank de Boer. Een elftal met eigen jeugd — Vertonghen, Eriksen, Van der Wiel, De Jong — keert terug op de troon. Het voelt als thuiskomen. De Arena, jaren het decor van frustratie, wordt die middag een tempel van bevrijding. Zeven jaar zonder kampioenschap eindigen hier — op deze vijfde mei.15-5-11: de dag waarop Ajax zichzelf hervond.In de podcast verwijzen Bart en Mart naar:De samenvatting van de wedstrijd: https://www.youtube.com/watch?v=CKSzLgfBYcU&ab_channel=AFCAjaxDe opkomst van Ajax voor de warming-up: https://www.youtube.com/watch?v=VDOooyWY_jY&ab_channel=ESPNNLMaarten Stekelenburg laat de schaal van de bus vallen: https://www.youtube.com/watch?v=i57okGcD7fc&ab_channel=nickvanVolenZie het privacybeleid op https://art19.com/privacy en de privacyverklaring van Californië op https://art19.com/privacy#do-not-sell-my-info.

Organizations are demanding more from their IT management platforms—not just toolsets, but tailored systems that meet specific business and security objectives. Vivin Sathyan, Senior Technology Evangelist at ManageEngine, shares how the company is responding with an integrated approach that connects IT, security, and business outcomes.ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service management, and analytics. These components don't just coexist—they interact contextually. Vivin outlines a real-world example from the healthcare sector, where a SIM tool detects abnormal login behavior, triggers an identity system to challenge access, and then logs the incident for IT service resolution. This integrated chain reflects a philosophy where response is not just fast, but connected and accountable.At the heart of the platform's effectiveness is contextual intelligence—layered between artificial intelligence and business insights—to power decision-making that aligns with enterprise risk and compliance needs. Whether it's SOC analysts triaging events, CIS admins handling system hygiene, or CISOs aligning actions with corporate goals, the tools are tailored to fit roles, not just generic functions. According to Vivin, this role-based approach is critical to eliminating silos and ensuring teams speak the same operational and risk language.AI continues to play a role in enhancing that coordination, but ManageEngine is cautious not to follow hype for its own sake. The company has invested in its own AI and ML capabilities since 2012, and recently launched an agent studio—but only after evaluating how new models can meaningfully add value. Vivin points out that enterprise use cases often benefit more from small, purpose-built language models than from massive general-purpose ones.Perhaps most compelling is ManageEngine's global-first strategy. With operations in nearly 190 countries and 18+ of its own data centers, the company prioritizes proximity to customers—not just for technical support, but for cultural understanding and local compliance. That closeness informs both product design and customer trust, especially as regulations around data sovereignty intensify.This episode challenges listeners to consider whether their tools are merely present—or actually connected. Are you enabling collaboration through context, or just stitching systems together and calling it a platform?Learn more about ManageEngine: https://itspm.ag/manageen-631623Note: This story contains promotional content. Learn more.Guest: Vivin Sathyan, Senior Technology Evangelist, ManageEngine | https://www.linkedin.com/in/vivin-sathyan/ResourcesLearn more and catch more stories from ManageEngine: https://www.itspmagazine.com/directory/manageengineLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, vivin sathyan, cybersecurity, ai, siem, identity, analytics, integration, platform, risk, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Guests:  no guests, just us in the studio Topics: At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential? Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according to RSA floor? How realistic is the vision expressed by some [yes, really!] that AI progress could lead to technical teams, including IT and security, shrinking dramatically or even to zero in a few years? Why do companies continue to rely on decades-old or “non-leading” security technologies, and what role does the concept of a "organizational change budget" play in this inertia? Is being "AI Native" fundamentally better for security technologies compared to adding AI capabilities to existing platforms, or is the jury still out? Got "an AI-native SIEM"? Be ready to explain how is yours better! Resources: EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines? EP119 RSA 2023 - What We Saw, What We Learned, and What We're Excited About EP70 Special - RSA 2022 Reflections - Securing the Past vs Securing the Future RSA (“RSAI”) Conference 2024 Powered by AI with AI on Top — AI Edition (Hey AI, Is This Enough AI?)  [Anton's RSA 2024 recap blog] New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5) [talks about the change budget discussed]

In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, Founder and CEO of Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what's driving a dramatic shift in how security teams access, analyze, and act on data.Anomali's latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.Agentic AI Meets Threat IntelligenceHugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali's AI operates within a secure, bounded dataset tailored to the customer's environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization's specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn't just contextual awareness—it's operational intelligence at speed and scale.Making Security More Human-CentricOne clear theme emerges: the democratization of security tools. With Anomali's design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.Real-World Results and Risk InsightsCustomers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali's system doesn't just detect—it correlates attack surface data with threat activity to highlight what's both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.Learn more about Anomali: https://itspm.ag/anomali-bdz393Note: This story contains promotional content. Learn more.Guest: Hugh Njemanze, Founder and President at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/ResourcesLearn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomaliLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Honeypot Iptables Maintenance and DShield-SIEM Logging In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP address changes https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876 XRPL.js Compromised An unknown actor was able to push malicious updates of the XRPL.js library to NPM. The library is officially recommended for writing Riple (RPL) cryptocurrency code. The malicious library exfiltrated secret keys to the attacker https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx Cisco Equipment Affected by Erlang/OTP SSH Vulnerability Cisco published an advisory explaining which of its products are affected by the critical Erlang/OTP SSH library vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy

Want to land a cybersecurity job? Start with hands-on training from TryHackMe: https://tryhackme.com/why-subscribe?utm_source=youtube&utm_medium=social&utm_campaign=dakota_21aprilIn this episode, I sit down with Kenneth Ellington, cybersecurity instructor and founder of Ellington Cyber Academy, to break down how to build a high-paying career in cybersecurity—no matter your background.We talk about: ✅ How to break into cybersecurity without a degree✅ The fastest way to build real-world skills (SIEM, SOAR & more)✅ Why so many people get stuck in helpdesk and how to move forward✅ What hiring managers are really looking for✅ Strategies to land interviews and stand out from other applicantsWhether you're brand new to tech or ready to level up, this interview will give you the roadmap and mindset you need to succeed in today's cybersecurity job market.

Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.Key takeaways:Essential cybersecurity terms and definitions: vCISO, PII, and more The importance of understanding and managing your attack surfaceWhy cybersecurity compliance can't be a one-time effortEpisode highlights:(00:00) Today's topic: Understanding cybersecurity terms(01:47) What is a vCISO, and why it benefits small businesses(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA (08:40) Hackers vs. threat actors Explained(10:28) Why businesses need an antivirus and a firewall(13:37) Patch management and cybersecurity attack surfaces(16:04) Continuous cybersecurity compliance(21:27) Recapping cybersecurity essentialsConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Marie Joseph's LinkedIn - @marie-joseph-a81394143Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we'll be talking to Threatlocker's CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we're seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don't even need to give up an email address to read it! In this interview, we'll talk through some of the highlights: Challenges Myths Pillars of a data security strategy Understanding the tools available Segment Resources A Leader's Guide to Security Data Strategy eBook In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn't want to be found All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-402

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we'll be talking to Threatlocker's CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we're seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don't even need to give up an email address to read it! In this interview, we'll talk through some of the highlights: Challenges Myths Pillars of a data security strategy Understanding the tools available Segment Resources A Leader's Guide to Security Data Strategy eBook In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn't want to be found All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-402

In this episode of Security Noise, Geoff and Skyler talk with IR Practice Lead Carlos Perez and Security Consultant Zach Bevilacqua about the world of security operations. They discuss current trends, the role of AI, challenges with traditional SIEM tools, and the value of proper logging and monitoring configurations. How important are proactive measures and effective communication within SOC teams? Find out what our team has to say on this episode of Security Noise!  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we're seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don't even need to give up an email address to read it! In this interview, we'll talk through some of the highlights: Challenges Myths Pillars of a data security strategy Understanding the tools available Segment Resources A Leader's Guide to Security Data Strategy eBook Show Notes: https://securityweekly.com/esw-402

In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn't want to be found All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-402

Author of “May Cause Side Effects” | Chef | Advocate for Informed Mental Health Decisions In this deeply moving and insightful episode, Jason sits down with Brooke Siem — award-winning chef, writer, and mental health advocate — for an honest conversation about resilience, antidepressant withdrawal, creative expression, and living life with full presence. Brooke shares her powerful story, from early childhood loss to her journey through psychiatric medication and severe withdrawal. She opens up about how the kitchen taught her resilience, how her creativity returned when she came off medications, and why she believes happiness is not just a feeling — it's a skill. Together, they explore the power of curiosity, emotional resilience, and finding meaning through life's toughest moments. This episode is a must-listen for anyone questioning conventional paths to healing, curious about the reality of psychiatric medications, or seeking inspiration to trust their own inner compass. What You'll Learn: Brooke's personal experience with antidepressant medications and the harsh realities of withdrawal The impact of childhood grief and how it shaped her early path How working in high-pressure kitchens taught her to embrace presence and adaptability Why curiosity is crucial for healing and growth The truth about the "chemical imbalance" theory of depression How art and painting became therapeutic outlets during her recovery Practical steps for cultivating nervous system regulation and resilience Why Brooke believes that happiness is a learned skill The conversation around parenting, medicating children, and systemic challenges Insights into Brooke's creative process, both as an author and a painter Guest Bio: Brooke Siem is an award-winning chef, writer, and mental health advocate. She is the author of May Cause Side Effects, a memoir about antidepressant withdrawal and healing. When she's not cooking for pro athletes, you'll find her painting, writing, and speaking about the importance of informed consent in mental health treatment.

A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM. Are the right logs enabled? Is your EDR working correctly? Would you notice a sudden increase or decrease in events from critical sources? What can practitioners do to ensure the success of their SIEM deployment? This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview to the talk he'll be giving at Identiverse 2025 in a few months. We won't have time to cover all the trends, but there are several here that I'm excited to discuss! Deepfake Detection Difficult Zero Trust Agentic AI Phishing resistant MFA adoption Identity Verification Machine Identity Decentralized Identity Post Quantum Shared Signals Segment Resources: The Top Trends Shaping Identity And Access Management In 2025 - (Forrester subscription required) In this week's enterprise security news, Big funding for Island Is DLP finally getting disrupted? By something that works? We learn all about Model Context Protocol servers Integrating SSO and SSH! Do we have too many cybersecurity regulations? Toxic cybersecurity workplaces Napster makes a comeback this week, we've got 50% less AI and 50% more co-hosts All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-400

Detection rules aren't just for fun—they're critical for securing cloud environments. But are you using them the right way? In this episode, Ashish Rajan sits down with David French, Staff Adoption Engineer for Security at Google Cloud, to break down how organizations can scale Detection as Code across AWS, Azure, and Google Cloud.Why prevention isn't enough—and how detection fills the gapThe biggest mistakes in detection rules that could blow up your SOCHow to scale detections across hundreds (or thousands) of cloud accountsThe ROI of Detection as Code—why security leaders should careCommon low-hanging fruit detections every cloud security team should implementDavid has spent over a decade working in detection engineering, threat hunting, and building SIEM & EDR products. He shares real-world insights on how companies can improve their detection strategies and avoid costly security missteps.Guest Socials: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠David's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(03:06) What is Detection as Code?(03:41) What was before Detection as Code?(05:36) Business ROI for doing Detection as Code?(07:49) Building Security Operations in Google Cloud(12:41) Threat Detection for different type of workload(14:54) What is Google SecOps?(20:36) Different kinds of Detection people can create(24:46) Scaling Detection across many Google Cloud accounts(28:47) The role of Data Pipeline in Detection(31:44) Detections people can start with(34:14) Stages of maturity for detection(36:43) Skillsets for Detection Engineering(39:32) The Fun Section

⬥GUEST⬥Allie Mellen, Principal Analyst,  Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE ATT&CK Ingenuity Evaluations and what they reveal about detection and response technologies.The Role of MITRE ATT&CK EvaluationsMITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Ingenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.Alert Volume and the Cost of Security DataOne key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.The Shift Toward Detection and Response EngineeringMellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.Vendor Claims and the Reality of Security ToolsWhile many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

We explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online.All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Incident Update: Unauthorized Activity Involving ETH Cold Wallet - Bybit.Bybit Launches Recovery Bounty Program with Rewards up to 10% of Stolen Funds - Bybit.ZachXBT links Bybit hack to Lazarus Group - Twitter.Online Safety Act: explainer - GOV.UKThese Are The 10 Most Complained-About TV Moments In Ofcom's History - Ofcom. Ofcom to push for better age verification, filters and 40 other checks in new online child safety code - TechCrunch.UK's internet watchdog toughens approach to deepfake porn - TechCrunch.Girlguiding research exposes alarming online harms facing girls - Charity Today News.Ofcom's approach to implementing the Online Safety Act - Ofcom. Women's abuse online: 'I get trolled every second, every day' - BBC. Amanda's funniest moments in Motherland - YouTube.Amandaland - BBC iPlayer.Cassandra Sci-Fi Thriller limited series - Netflix. Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive...

DShield SIEM Docker Updates Interested in learning more about the attacks hitting your honeypot? Guy assembled a neat SIEM to create dashboards summarizing the attacks. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/31680 PANOS Path Confusion Auth Bypass Palo Alto Networks fixed a path confusion vulnerability introduced by the overly complex midle box chain in PANOS. https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/ https://www.theregister.com/2025/02/13/palo_alto_firewall/ China's Volt Typhoon Continues to use Cisco Vulns Recorded Future wrote up some recent attacks of the Red Mike / Volt Typhoon groups going after telecom providers by compromissing Cisco systems via an older vulnerabilty https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/ Crowdstrike Patches Linux Client https://www.crowdstrike.com/security-advisories/cve-2025-1146/